Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Risk Management

The Value of Cyber Risk Quantification Models Vs. CRQ Frameworks

From the individual to the global level, managing risk is a part of life. While in some contexts, poor risk planning merely results in minor, inconsequential outcomes, in others, such negligence can be catastrophic. Take the July 2024 CrowdStrike incident, for instance, during which a faulty software update put global airlines out of commission, took broadcasters off the air, and cost the market upward of $5 billion in uninsured losses.

Announcing new Snyk AppRisk integration with Orca Security

We’re excited to announce a new Snyk AppRisk integration with Orca Security that brings the best of two worlds together: developer-loved, security-trusted application security from Snyk and leading cloud security from Orca. This integration is big news for organizations looking to align with DevSecOps and enhance collaboration between development and security teams.

Virtual CISO Services: A Smart Solution for Modern Businesses

In today's dynamic cybersecurity landscape, businesses of all sizes face significant challenges in safeguarding their data and systems from cyber threats. As the need for robust cybersecurity measures grows, many organizations are turning to Virtual CISO (vCISO) services as a cost-effective and flexible solution to enhance their security posture. A Virtual CISO is an outsourced cybersecurity professional or team that provides the expertise and guidance of a Chief Information Security Officer (CISO) on a part-time or contract basis.

Evolving the Netskope Risk Exchange Ecosystem

The adoption of cloud services, hybrid workforces, the rapid emergence and use of generative AI (genAI) along with the evolving regulatory environment are forcing security and risk management (SRM) leaders to enhance their SRM spending. Gartner forecasts global SRM spending to grow 14% in 2024. Moreover, worldwide end-user spending on SRM is projected to total $215 billion in 2024, an increase of 14.3% from 2023, according to a new forecast from Gartner, Inc.

Do We Need Yet Another Vulnerability Scoring System? For SSVC, That's a YASS

The security world is awash in acronyms. As a niche in the security world, vulnerability, tracking, measurement, and management is no stranger to inscrutable collections of capital letters. We’ve got NVD, CPE, CWE, CVSS, EPSS, CAPEC, KEV, and of course “CVE”. The key goal of all these frameworks is to try to help folks organize information around vulnerabilities and assess how their presence might increase an organization's exposure.

Billington 2024: Key Cybersecurity Takeaways from the AI Age

SecurityScorecard had the pleasure of participating in the 15th Annual Billington CyberSecurity Conference – a key convening of policymakers and industry thought leaders in our Nation’s Capital. This year’s edition – Advancing Cybersecurity in the AI Age – included over 4,000 registrants and 200 speakers participating in 40+ sessions and breakouts. It would not be an emerging tech and government conference without an extra emphasis on AI.

Why MSSPs Are Short on Good External Risk Management Tools

If you’ve worked in the Managed Security Services Provider (MSSP) industry for a while, you might remember the era when the MSSP tool set consisted only of internal risk management solutions – like software that scanned client endpoints and application source code. Those days are gone. Today, external risk management has become just as critical a part of an MSSP’s job.

CISA's Secure By Design: A Year Later

In April this year, the CISA Secure By Design initiative turned one. The initiative calls for the public and private sectors to work together to challenge and encourage software manufacturing companies to adopt principles to ensure their software is developed and produced as securely as possible. The initiative tracks seven goals that software manufacturers can pledge to develop and transparently track progress towards those goals.